
def config_cors(url: str) -> dict:
    cors_allow_all_origins = False  # 在生产环境中明确列出允许的来源
    csrf_trusted_origins = ['https://{}'.format(url)]
    cors_allow_credentials = False
    cors_allowed_origins = [
        'https://localhost:5173',  # 如果生产环境中需要使用这些，确保它们也是HTTPS
        'https://127.0.0.1:5173',
        'https://{}'.format(url),
    ]
    return {
        'CORS_ALLOW_ALL_ORIGINS': cors_allow_all_origins,
        'CSRF_TRUSTED_ORIGINS': csrf_trusted_origins,
        'CORS_ALLOW_CREDENTIALS': cors_allow_credentials,
        'CORS_ALLOWED_ORIGINS': cors_allowed_origins,
    }

def config_debug_cors() -> dict:
    cors_allow_all_origins = True
    cors_allow_credentials = True
    cors_allowed_origins = [
        'http://localhost:5173',
        'http://127.0.0.1:5173',
    ]
    return {
        'CORS_ALLOW_ALL_ORIGINS': cors_allow_all_origins,
        'CORS_ALLOWED_ORIGINS': cors_allowed_origins,
        'CORS_ALLOW_CREDENTIALS': cors_allow_credentials,
    }
